JP2003046527A - Communication device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a protocol communication device that decreases number of identifiers (addresses) temporarily assigned to communication terminals, in the case of communication between the terminals adopting different protocols. SOLUTION: The communication device connected to a plurality of first and second terminals is provided with a first means that stores conversion addresses of each of a plurality of the first terminals, a second means that acquires the address of the second destination terminal, on the basis of a name resolution request of the destination second terminal upon the receipt of the name resolution request of the destination second terminal from the sender first terminal, a third means that retrieves the conversion address from the first means, on the basis of the acquired address of the destination second terminal, and a fourth means that informs the sender first terminal about the retrieved conversion address.

Description

Detailed Description of the Invention

[0001]

TECHNICAL FIELD The present invention relates to an IP (Internet pro
tocol) technology, especially Ipv4 (Internet Protocol Ver
sion 4) Technology for interconnecting networks and IPv6 (Internet Protocol Version 6) networks.

[0002]

2. Description of the Related Art Conventionally, the traffic flowing through a public communication network has been mainly voice traffic of telephones through a circuit switching network. However, nowadays, not only simple text-based information, but also data traffic that transfers large-capacity information such as images, moving images, music, etc. is rapidly increasing. Most of the IP (Int
ernet Protocol) communication. In such a trend, various devices such as mobile terminals, cars, and home information appliances have come to implement the IP communication function. In some cases, voice traffic is transmitted using IP as well as data traffic. There is. As such, IP-based communication networks are rapidly increasing in size.

With the spread of IP, exhaustion of IP addresses for identifying individual IP devices has become a big problem. Furthermore, it is considered that this address depletion problem will accelerate in the future due to the increase in Internet connections of various devices other than PCs. Therefore, there is a growing need for migration and coexistence to the next-generation IP standard "IPv6" that has a vast address space (128-bit address width) and has advanced functions such as security, priority control, and automatic configuration. ing.

However, the current IP standards IPv4 to IPv6
Considering a concrete migration method to IPv6, enormous cost is required to make the existing IPv4 network compatible with IPv6 at the same time because it is necessary to replace the components such as routers and to expand the functions by software replacement / addition. Becomes In addition, operational risk is required for device replacement and function expansion during operation. Therefore, it is necessary to gradually move to IPv6 without significantly affecting the existing IPv4 network. At this time, during the transitional transition period when IPv4 and IPv6 networks coexist, technology that enables mutual communication between both networks is required.

In order for a device having only an IPv4 communication function and a device having only IPv6 to communicate with each other, it is necessary to convert an IPv4 packet and an IPv6 packet somewhere on a relay route. Also, IPv6 terminals and IPv4 terminals have IPv6 address (128bit) and IP, respectively.
Address system of v4 address (32bit) is different. It is the communication device that has the IPv4 / IPv6 conversion function that performs this conversion. A well-known example is IETF (Internet Engineering Task
Force) `` Network Address Translation Protocol Tr
anslation (NAT-PT) '' (RFC (Request For Comment) 2766)
There is. When accessing an IPv4 terminal from an IPv6 terminal, the IPv4 address of the communication partner can be embedded in the lower 32 bits of the destination IPv6 address information of the packet, and this is used as a temporary virtual IPv6 address of the IPv4 terminal. On the other hand, when accessing an IPv6 terminal from an IPv4 terminal, it is necessary to temporarily assign an IPv4 address to the IPv6 terminal of the communication partner, so if multiple IPv6 terminals are accessed at the same time, the IPv4 terminals You need an address. These are RFC2766 related to communication devices with IPv4 / IPv6 conversion function.
(Page: 6,7,12,13).

As the transition from IPv4 to IPv6 increases, services such as priority control and bandwidth control are provided for network traffic, and internal system security is enhanced by limiting access from the outside. (For example, a firewall) is required. In order to guarantee the communication quality and the internal safety of the system, each node relaying the network now has a function of identifying priority information in a packet and performing priority control. RSVP is the technology currently used for priority control.
(Resource reservation protocol) (RFC 2205), Dif
There is fServ (Differentiated Service). These techniques are not implemented in the communication device described in the above description.
To supplement these technologies with a communication device, they must be used in conjunction with a node implementing these technologies.

[0007]

[Problems to be Solved by the Invention] Currently, NIC (Network Information Cente
It is difficult to secure sufficient IPv4 addresses (global addresses) assigned by public institutions such as r), and in the future, IPv6 will be applied to large-scale networks and one-to-one peer-to-peer communication (Peer-to- (Peer: P2P) Due to the spread of communications, IP
When the number of v4 terminal users accessing an unspecified number of IPv6 terminals increases, a large number of virtual IPv4 addresses that are temporarily assigned are required for communication devices with IPv4 / IPv6 conversion functions. .

However, in the conventional technology, IPv6 terminals and IPv4 terminals are used.
When a terminal communicates, a communication device equipped with an IPv4 / IPv6 conversion function had to allocate a temporary virtual IPv4 address to an IPv6 terminal and a temporary virtual IPv6 address to an IPv4 terminal. .

Further, as a conventional technology for guaranteeing communication quality, for example, when priority control is performed between nodes relaying a network, all nodes in the network have a function for identifying the same priority information. Therefore, it is difficult to extend such a function to an existing node in a large scale network. Also,
Even if it has a function to distinguish between nodes, it cannot be applied to all current networks. Moreover, since the priority information for identifying is in the packet, it is necessary to identify the priority information in all the packets.

All data transmitted and received between the IPv4 and IPv6 networks pass through the communication device. The data passing through the communication device includes a wide variety of data, from priority-oriented data to unreliable data. From such a background, the communication device is required to have a function capable of coping with the various types of data described above.

An object of the present invention is to provide a communication device capable of reducing the number of virtual IPv4 addresses.

Another object of the present invention is to provide a communication device capable of handling a wide variety of communication data.

[0013]

In order to solve the above-mentioned problems, a communication device according to the present invention comprises an IPv4 network and an IPv6 network.
A communication device with an IPv4 / IPv6 conversion function that is connected to both sides of the network can manage the conversion connection for each IPv4 source terminal and the IPv6 from the source IPv4 terminal.
It has a function of responding to a terminal name resolution (DNS) request with an address that can be managed by the above function.

Also, the fact that all traffic passes through the communication device is utilized to guarantee the communication quality for all packets. As means for guaranteeing the communication quality, information for guaranteeing the communication quality is centrally managed in the communication device for each terminal. A service that guarantees communication quality is provided by using this centrally managed terminal information.

[0015]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below.
A description will be given with reference to the drawings.

FIG. 1 is a diagram showing the configuration of a network to which the present invention is applied.

The IPv4 terminal and the IPv6 terminal exchange data based on the destination address and the source address in the header of the packet to be transmitted and received.

IPv4 terminal X 3 and IPv4 terminal Y 4 are IPv6 terminal A
1 When sending IPv4 packet to IPv6 terminal B 2, communication device
5 sets the destination address of the IPv4 packet received by `` 192.168.0.
By setting the same as 1 ”, it is possible to reduce the virtual IPv4 address (hereinafter, virtual IPv4 address) reserved (pooled) in the communication device.

The network configuration diagram will be described below. (1) Hardware FIG. 2 shows a block diagram of the communication device 5. The IPv4 network connection interface 23 is an interface for connecting to the IPv4 network 6. The IPv6 network connection interface 21 is an interface for connecting to the IPv6 network 7.

The switch 22 in the communication device 5 uses the IPv6 network connection interface 21 or the IPv4 network connection interface based on the destination address of the packet converted from IPv4 to IPv6 or from IPv6 to IPv4.
The packets are sent to 23.

The storage unit 26 in the communication device 5 includes a local DNS (Domain Name System) table 261, a destination address table 262, an address management table 263, a connection management table 264, and a connection data storage unit 265.
Composed of and.

The control unit 25 activates the main program 245 from the program storage unit 24, loads the appropriate program when performing each process, performs arithmetic processing, and stores the result in each table of the storage unit 26. , Temporarily control
Hold in cache within 25. The program storage unit 24 includes an address management table control program 241, a DNS processing program 242, a packet conversion processing program 243, a connection management program 244, and a main program 245.

All the processing relating to the DNS is performed by the control unit 25 fetching the DNS processing program 242 from the program storage unit 24 and executing the program. The DNS processing program 242 manages the local DNS table 261 and processes a DNS name resolution request from the terminal. Where D
The NS name resolution request is a DNS packet that the IP terminal uses DNS to send to the DNS server to obtain the IP address from the host name of the communication partner. The DNS server that received the packet checks the IP address for the inquired host name from the information of itself or another DNS server, and returns the result to the IP terminal that sent the DNS name resolution request. The DNS packet that the IP terminal sends to the DNS server is “DNS Query”, which is the answer that the DNS server returns to the IP terminal.
DNS packets are called "DNS Reply".

In the processing relating to the source address table 262 and the address management table 263, the control unit 25 uses the address storage table control program 24 from the program storage unit 24.
1 Taken in by executing the program. The address management table control program 241 maps the IPv6 address and the virtual IPv4 address and registers them in the source address table 262 and the address management table 263. A table for managing the correspondence between the actual IP address and the temporarily assigned virtual IP address during packet conversion is provided in the storage device unit 26 in the source address table 262 and the address management table 263. Built as. Source address table 262 is currently IPv6
6 IPv4 network communicating with terminals in network 7
It is a table for registering the terminal in. The address management table 263 is prepared for each IPv4 terminal registered in the source address table 262, and manages the correspondence between the actual IPv6 address of the communication partner (IPv6 terminal) and the temporarily assigned virtual IPv4 address. It is a table to do.

For processing relating to packet conversion, the control unit 25 controls the packet conversion processing program 24 from the program storage unit 24.
It is done by taking in 3 and executing the program.
The packet conversion processing program 243 converts an IPv4 packet into an IPv6 packet or vice versa according to the contents of the address management table 263. The IPv4 / IPv6 conversion function includes a control unit 25, a main program 245, a storage device unit 26, an address management table control program 241, a DNS processing program.
242 and the packet conversion processing program 243.

Further, control for providing each service for guaranteeing communication quality such as priority control and band control for network traffic (hereinafter, connection management)
In order to perform this, the control unit 25, the main program 245, the connection management program 244, the connection management table 264, and the connection data storage unit 265 in the storage unit 26 are realized.

The processing relating to connection management is performed by the control unit.
25 is performed by fetching the connection management program 244 from the program storage unit 24 and executing the program. The connection management table 264 stores tables necessary for connection management and calculation processing results. The connection data storage unit 265 stores terminal information of IPv4 terminals (hereinafter, IPv4 terminal information) and terminal information of IPv6 terminals (hereinafter, IPv6 terminal information). The IPv4 terminal information and the IPv6 terminal information are given in advance by a communication carrier when a new contract for the terminal is made. In addition to this, the network administrator can change each terminal independently according to the usage situation of network traffic, etc.
It can be set in advance like IPv4 terminal information and IPv6 terminal information. This is stored as management terminal information for IPv4 terminals (hereinafter, management IPv4 terminal information) and management terminal information for IPv6 terminals (hereinafter, management IPv6 terminal information).

When performing connection management, the connection data storage unit 265 or existing equipment (equipment storing information equivalent to the connection data storage unit 265,
For example, go to a RADIUS server, LDAP server, etc.) for IPv4 terminal information and IPv6 terminal information, management IPv4 terminal information and management IPv6 terminal information. The acquired terminal information is stored in the address management table 263. Also, connection management is performed using this terminal information. An example of connection management will be described later.

The integrated management system 28 exchanges data via the maintenance interface 27. From this integrated management system 28, the administrator can change the setting of the management terminal information of the IPv4 terminal and the IPv6 terminal when performing the connection management.

In FIG. 3, the source address table 262 and the address management table 2631 (IPv4 terminal X 3), 2632 (IPv4
An example of terminal Y 4) is shown.

The source address table 262 is a table for registering the addresses of IPv4 terminals that are in communication with the IPv6 terminal, and comprises a source IPv4 address field 31. The address management table 263 is prepared for each IPv4 terminal registered in the source address table 262, and the virtual IPv4 address 3
2, IPv6 address 33, timer 34, IPv4 terminal information 35, IPv6
It is composed of fields of terminal information 36, management IPv4 terminal information 37, and management IPv6 terminal information 38. IPv4 terminal information 35, IPv6 terminal information 36, management IPv4 terminal information 37, management IPv6 terminal information 38
The field of is a field used when performing connection management.

The virtual IPv4 address field 32 is set when the table is created. The value to be set is a preset virtual IPv4 address. IPv6 address field 153 and timer field 154 are all set when the table is created.
It is NULL (no value). Further, the value of the timer field 154 increases with the passage of time. This timer field 154 is referred to in the process of deleting the record that is no longer communicated. The fields of the IPv4 terminal information 35, the IPv6 terminal information 36, the management IPv4 terminal information 37, and the management IPv6 terminal information 38 are set when the IPv6 address is registered.
The value to be set is the information of the terminal in the connection data storage unit 265 or the existing equipment (information equivalent to the connection data storage unit 265 is stored).

The address management table 263 is a source IPv4
Address management table 263 created according to address 31
Number of records (number of pooled virtual IPv4 addresses)
Can be changed, and the number of communications to the IPv6 terminal can be limited according to the contract form of the source IPv4 address 31. The virtual IPv4 address that is temporarily assigned may be a plurality of consecutive IPv4 addresses or an individual IPv4 address. In the figure, 192.168.0.1 to 192.168.0.254 are pooled as IPv4 addresses to be virtually assigned.

When the packet conversion is performed, these tables are referred to. (2) Address registration processing (in the case of new registration) FIGS. 4 and 5 use the communication device 5 of the present invention and use the source IPv6.
4 shows an example of a process of returning a virtually assigned IPv4 address in response to a DNS name resolution request from a terminal.

In the example of FIG. 4, the IPv4 terminal X 3 is an IPv6 terminal A.
It shows the case of communicating with 1. The host name of the IPv4 terminal X 3 is “X.v4.com” and the IPv4 address is “10.0.0.1”. Also, the host name of IPv6 terminal A 1 is "A.v6.com", IPv6
6 The address is 10 :: 1 (0010: 0000: 0000: 0000: 0000: 0000:
0000: 0001) "is assigned.

The IPv4 terminal X 3 uses the IPv6 terminal A 3 to check the IP address of the host name “A.v6.com” of the IPv6 terminal A 1.
A DNS name resolution request (DNS Query) including the host name of 1 is transmitted to the communication device 5 (in the figure). Upon receiving that DNS Query, DNS to the local DNS table 261 or another DNS server
IPv6 terminal A 1 by inquiring by name resolution request
Check the IPv6 address of (in the figure). As a result, "10 :: 1" is obtained as the IPv6 address of the host "A.v6.com" (in the figure). After that, the IPv6 address "10 :: 1"
Associate a virtual IPv4 address (`` 192.168.0.1 '' in the example) with, and reply the virtual IPv4 address "192.168.0.1" assigned as the address of IPv6 terminal A 1 to IPv4 terminal X3 with a DNS Reply packet. (In the figure).

These translated address mapping information are:
A source address table 262 and an address management table 263 are created from the address management table control program 241, and are stored and managed in the storage unit 26.

FIG. 5 shows a flowchart in the communication device 5 in this case. Flow charts are shown in Figure 1, Figure 3, and Figure 4.
An example will be described with reference to.

DNS Q sent from IPv4 terminal X 3 "X.v4.com" in order to know the IP address of IPv6 terminal A 1 "A.v6.com"
uery packet is IPv4 network connection interface
When input from 23, the IPv4 address "10.0.0.1" of the IPv4 terminal X3 that is the source of the IPv4 packet of the DNS Query is held (501). Next, based on the host name "A.v6.com" included in the DNS Query, the local DNS table 261 in the storage device unit 26 is searched (502). If the record of the host name and the IP address is found in the process 502, the validity of the IP address "10 :: 1" is confirmed (504). The legitimacy of the data of the process 504 is to confirm whether the found IP address is not a broadcast address or a multicast address, or whether the packet is broken. If such validity cannot be confirmed, an error is returned (507).

In the process 502, the local DNS table 26
IPv6 network 7 if no record found in 1
Sends a DNS Query to another DNS server in the server and attempts to resolve the IPv6 address of the host name "A.v6.com" (503).
Therefore, if there is a DNSReply from the DNS server and name resolution is performed, the validity of the IPv6 address "10 :: 1" of the destination is confirmed (504). When the logic is not established in process 503 or process 504, a DNS Reply indicating an error is returned to the source IPv4 address “10.0.0.1” held in process 501 (507). If the validity of the data is confirmed in processing 504, the IPv6 address "10 :: 1"
Hold (505).

Next, using the source IPv4 address “10.0.0.1” held in the process 501, the source address table
The source address field 31 of 262 is searched (506). Since this flowchart describes the case of new registration, the case where the logic of the process 506 is not established is shown. The source IPv4 address `` 10.0.0.
1 ”is newly registered (508), and one address management table 2631 associated with“ 10.0.0.1 ”of the source IPv4 address field 31 is created (509).

Next, IPv4 terminal information 35 "2", IPv6 terminal information 3
6 "0", management IPv4 terminal information 37 "5", management IPv6 terminal information 3
8 Go to obtain "4" in the connection data storage unit 265 or the existing equipment (which stores information equivalent to the connection data storage unit 265) (511). The terminal information is acquired based on the address “10.0.0.1” of the IPv4 terminal X 3 and the address “10 :: 1” of the IPv6 terminal A 1. If the terminal information can be obtained (512), it is confirmed whether the terminal information exists in the connection data storage unit 265. If the terminal information cannot be acquired, the process 508
The source I registered in the source address table 262.
The Pv4 address "10.0.0.1" is deleted, and the address management table 2631 itself created in process 509 is deleted (513). Returns a DNSReply indicating the error (507).

The terminal information is stored in the connection data storage unit 26.
5 (514), the terminal information is stored in the address management table 2631 in the IPv4 terminal information field 35, the IPv6 terminal information field 36, the management IPv4 terminal information field 37,
Each is stored in the management IPv6 terminal information field 38 (515). If the terminal information does not exist in the connection data storage unit 265, a default value (for example, 0) is stored in the address management table 2631 (516). When the connection management is executed using the terminal information acquired in process 511 (517), the flowchart of FIG. 9 is executed. Since the address registration process is described here, details will be described later. Next, set the timer value to the initial value (51
8).

After that, the virtual IPv4 address "192.168.0.
IPv4 of the sender held in process 501 as "1" as DNS Reply
It is sent to the address "10.0.0.1" (519). (3) Address registration work (when the source address exists) In Fig. 6, in the address registration process, the IPv4 address "10.0.0.1" has already been registered in the source IPv4 address field 31 in the source address table 262. FIG. This flowchart is shown in Figure 1, Figure 3, Figure
4 and the example shown in FIG. 5 will be described.

In this case, the process 501 of the flowchart of FIG.
The same process is performed up to 507, and in process 506, the IPv4 address “10.0.0.1” is set in the source IPv4 address field 31.
If it is found, the destination IPv6 address “10 :: 1” held in the process 505 is used, and the address management table 2631
Search for (601). At this time, while performing the search, keep the location of the record where the NULL field first appeared, but if the NULL field appears before the IPv6 address "10 :: 1", keep that field. deep. Process 601
If a record corresponding to the IPv6 address "10 :: 1" is found in, the timer value is set to the initial value (61
0). The value of the virtual IPv4 address field 32 of that record is sent as a DNS Reply to the source IPv4 terminal (6
11).

If no record is found in the process 601, the IPv6 address "10 :: 1" is registered in the retained NULL field (602).

Next, IPv4 terminal information 35 "2", IPv6 terminal information 3
6 "0", management IPv4 terminal information 37 "5", management IPv6 terminal information 3
8 A series of processing 511 to processing 515 is performed to obtain “4” (603) to (608). Here, in process 513, the source IPv4 address “10.0.0.1” registered in the source address table 262 and the address management table 2631 itself are deleted, but in the case of process 605, the destination registered in process 602 is deleted. IPv6
Delete only the address "10 :: 1".

When the connection management is executed using the terminal information acquired in the process 603 (609), the flowchart of FIG. 9 is executed. Since the address registration process is described here, details will be described later.

Next, the timer value is set to the initial value (61
0), processing 611 is executed. If the NULL field does not exist in the process 602 and acquisition of the terminal information fails, a DNS Reply indicating an error is returned to the source IPv4 terminal (611). (4) Packet conversion processing (from an IPv4 terminal to an IPv6 terminal) FIG. 7 converts an IPv4 packet transmitted from an IPv4 terminal into an IPv6 packet in the communication device 5 according to the present invention,
The flowchart which transmits an IPv6 packet to a terminal is shown.
This flowchart will be described with reference to the examples shown in FIGS. 1 and 3. Further, when the control unit 25 fetches the packet conversion processing program 243 from the program storage unit 24 and executes the program, a virtual 96-bit IPv6 prefix for conversion “20 :: / 96
The file set to (0020: 0000: 0000: 0000: 0000: 0000: :) "is read and the packet for the virtual prefix is set to be routed to the communication device 5. The routing settings in the IPv6 network 7 can also be dynamically set using a routing protocol.

When the IPv4 terminal X 3 sends an IPv4 packet to the virtual IPv4 address “192.168.1” of the IPv6 terminal A 1 (source address 10.0.0.1, destination address 192.1680.0.1),
The IPv4 packet reaches the communication device 5. Communication device 5 is IP
Through the v4 network connection interface 23, the IPv4
The packet is received and the legitimacy of the IPv4 packet is confirmed (701). Here, the validity of the data of the processing 701 is confirmed whether the packet is broken or not. If such validity cannot be confirmed, the sender IPv4 terminal is sent ICMP (Int
ernet Control Message) error (destination unreachable) is returned (709). ICMP errors are known in RFC792 (Page: 4,5).

Next, using the source address "10.0.0.1" of the received IPv4 packet, the source address table 26
Search the source IPv4 address field 31 of 2 (70
2). If a record is found in process 702, the virtual IPv4 address field 32 of the address management table 2631 corresponding to the source address "10.0.0.1" is set to IPv4.
Search using the virtual IPv4 address "192.168.0.1" of the packet (703). In process 703, when the corresponding record is found, it is checked whether the timer value is less than or equal to the set value (704). This set value is a value set in advance in the communication device 5, and if a time equal to or more than the set value elapses after the last packet of the connection corresponding to a certain record is converted by the communication device 5. , Delete that record. In process 704, when the timer value is less than or equal to the set value, the timer value is initialized (705).

Next, the IPv6 of the record found in processing 703
6 The IPv6 address "33: 6" in the address field 33 is used as an IPv6 packet (source address 20 :: 10.0.0.1, destination address 10 ::
Convert to 1) (706). The switch 22 distributes the converted IPv6 packet to each IPv6 network connection interface 21. (3) When connection management is performed in the address registration work of (4), the flowcharts of FIGS. 10, 11, and 13 are executed (707). Details of the figure will be described later. Then, the converted IPv6 packet is transmitted to the IPv6 network 7 (708). The source address at this time is
"Virtual prefix (96bit) + IPv4 packet source address (32bit)", that is, "20 :: 10.0.0.1".

When the logic is not established in the processing 701, 702, 703, 704, the IPv4 packet is discarded and the source IP
An ICMP error is returned to the v4 terminal X 3 (709). (5) Packet conversion processing (from an IPv6 terminal to an IPv4 terminal) FIG. 8 converts an IPv6 packet transmitted from an IPv6 terminal into an IPv4 packet in the communication device 5 according to the present invention,
The flowchart which transmits an IPv4 packet to a terminal is shown.
This flowchart will be described with reference to the examples shown in FIGS. 1 and 3.

The IPv6 terminal A 1 has an IPv6 address “20 :: 10.
"0.0.1" is sent as the destination address. The IPv6 packet (source address: 10 :: 1, destination address: 20 :: 10.0.
0.1) reaches the communication device 5. The communication device 5 receives the IPv6 packet through the IPv6 network connection interface 21 and confirms the validity of the IPv6 packet (801).
Here, the validity of the data in the process 801 is to check whether the packet is broken or not. If such validity cannot be confirmed, ICMPv6 (Internet
Control Message Protocol for the Internet Protocol
Version 6) Returns error (destination unreachable) (809). I
CMPv6 errors are known in RFC2463 (Page: 6,7).

Next, the source IPv4 address field 31 is searched using the value of the lower 32 bits "10.0.0.1" of the destination address "20 :: 10.0.0.1" of the received IPv6 packet (80
2). If a record is found in process 802, the IPv6 address field 33 of the address management table 2631 corresponding to the record of “10.0.0.1” of the source address table 262 is set to the source address “10 :: 1” of the IPv6 packet. Search using (803). When the corresponding record is found in process 803, it is checked whether the timer value is equal to or less than the set value (804). If the timer value is less than or equal to the set value in process 804, the timer value is initialized (805).

Next, the virtual IPv4 address "192.1" of the virtual IPv4 address field 32 of the record found in the processing 803 is displayed.
68.0.1 "as the source address and the input IPv6 packet as an IPv4 packet (source address: 192.168.0.1,
Destination address: 10.0.0.1) is converted (806). Switch 2
2 distributes the converted IPv4 packet to each IPv4 network connection interface 23. If connection management is performed in the address registration work of (3) and (4),
2. The flowchart of FIG. 14 is executed (807). Details of the figure will be described later. Then convert the translated IPv4 packet
Send to IPv4 network 6 (808).

When the logic is not established in the processing 801, 802, 803, 804, an ICMPv6 error is returned to the source IPv6 terminal (809).

Although the address registration work of (3) and (4) described above describes the communication between the IPv4 terminal X 3 and the IPv6 terminal A 1, the same virtual IPv4 address which is the object of the present invention can be used. In order to clarify how to reduce the number of reserved virtual IPv4 addresses, IPv4 terminals Y 4 and I
An outline of mutual communication (in the case of new registration) of the Pv6 terminal B 2 will be described.

The IPv4 terminal Y 4 performs the same processing from processing 501 to processing 506 in FIG. 5 in order to communicate with the IPv6 terminal B 2. In process 506, the IPv4 terminal is added to the source address table 262.
Search for the source address "10.0.0.2" of Y4. In the case of new registration, the process 508 registers the source address “10.0.0.2” in the source address table 262, and the process 509 creates a new address management table 2632 for the IPv4 terminal Y 4. In process 510, the destination IPv6 address “10 :: 2” is registered in the first record of the address management table. Hereinafter, processing 511 to processing 517
The same processing is performed up to. In process 518, the virtual IPv4 address "192.168.0.1" is sent as a DNS Reply to the source address "10.0.0.2" held in process 501 (518).

As can be seen from the above description, the IPv4 terminal X 3
In addition, since the virtual IPv4 address “192.168.0.1” can be assigned to the destination address when transmitting to the communication device, the IPv4 terminal Y 4 can also reduce the number of addresses pooled in the communication device. (6) Example for Connection Management Using Terminal Information FIGS. 9 to 16 describe an example for connection management using terminal information. This connection management provides a service for additionally guaranteeing quality when normal packet conversion is performed. These services can provide superior services by priority control over network traffic, ensuring internal system security, and analyzing collected logs. As an example, in FIG. 9, FIG. 10 and FIG. 11, the service form for restricting access to a certain terminal is shown in FIG.
2, FIG. 13, and FIG. 14 are service forms when filtering transmitted / received packets (for example, packet discard), and in FIG. 15 and FIG. 16, how many packets were sent to which terminal by the source terminal The service mode for counting will be described. IPv4 terminal information 35, IPv6 terminal information 36, management IP used in this connection management
The values of the fields of the v4 terminal information 37 and the management IPv6 terminal information 38 have various uses, and can be the value of priority information for performing priority control, or a flag (mark) can be set. Hereinafter, the processing related to connection management is performed by the connection management program 244.

FIGS. 9, 10, and 11 show that some IPv4 terminals (including IPv4 terminal X 3 and IPv4 terminal Y 4) existing in the IPv4 network 6 are IPv6 terminals A 1 in the IPv6 network 7.
How many IPv4 terminals are IP when access is concentrated on
Counts whether you are connected to v6 terminal A 1. The number of connections is realized by counting the IPv6 addresses that are the destination addresses in the address management table 263. In this way, when a load that exceeds the limit on a certain site is applied to the network, by sorting from the one with the highest priority information value, real time property that requires a certain bandwidth such as voice and video is provided. Priority control such as preferentially allocating bandwidth to requested communication can be realized. An example of this is shown below.

FIG. 9 shows an example of a table for storing the counted value of the IPv6 address which is the destination address. A table for storing the counted value (hereinafter, an address count table 2641) includes an IPv6 address field 901, a count value 902, and a limit value 903, and a connection management table 264 in the storage device unit 26.
Stored in. The IPv6 address field 901 represents the destination address of the IPv6 terminal to which the IPv4 terminal has transmitted the packet. In this embodiment, since the access is concentrated on the IPv6 terminal A 1, the IPv6 address “10 :: 1” exists in the IPv6 address field 901. The count value 902 stores the counted value of the IPv6 address that is the destination address.
The count value 902 is a variable and is described below with reference to FIGS.
Enter the value counted in the flowchart. When the count value 902 exceeds the limit value 903, connection management is performed. The limit value 903 indicates a value that serves as the index. This limit value 903 can be freely set / changed from the integrated management system 28. In the case of FIG. 9, when the count value 902 “K_count” of the IPv6 address “10 :: 1” exceeds the limit value 903 “P_limit”,
Connection management is performed.

FIG. 10 shows a flowchart for counting to limit access to a fixed terminal. This flow chart is a flow chart performed as a preparation for performing connection management, and is the processing 516 of FIGS.
Alternatively, it is executed only when connection management is performed in process 608. In reality, connection management is performed when sending and receiving packets (see FIG. 11).

First, it is confirmed whether or not the address count table 2641 exists (1001). If the address count table 2641 exists, the IPv6 address 901 is searched. If it does not exist, a new address count table 2641 is created (1002). Next, the same IPv6 address "1" as the IPv6 address "10 :: 1" registered in the address management table 263 in the process 510 or the process 602 of FIGS.
It is confirmed whether or not "0 :: 1" exists in the address count table 2641 (1003). When the same IPv6 address "10 :: 1" exists, the count value 902 is incremented by 1 (1004). Same IPv6
If the address "10 :: 1" does not exist, a new record of the IPv6 address "10 :: 1" is added to the address count table 2641, and the IPv6 address "10 :: 1" is registered (100
5), the count value 902 is set to an initial value (for example, 1) (1006).

In FIG. 11, the count value 902 "K_count" is the limit value.
903 shows a flowchart for preferentially allocating packets from the terminal information when exceeding 903 “P_limit”. This flowchart is executed after the flowchart of FIG. 10 is executed. Also, in FIG. 7, the packet is
It is performed at the timing of transmission to the Pv6 terminal.

When the network administrator preferentially distributes the packets without using the IPv4 terminal information 35 and the IPv6 terminal information 36 acquired in advance (hereinafter referred to as privilege mode), (110
1), management IPv4 terminal information 37 and management IPv6 terminal information 38 are used. In this privileged mode, the count value 902 in FIG.
By ignoring “K_count” (1102), it is possible to forcibly distribute the management IPv4 terminal information 37 and the management IPv6 terminal information 38 with higher values (1104). Also, FIG.
When the count value 902 “K_count” at the time exceeds the limit value 903 “P_limit” (1103), the management IPv4 terminal information 37 and the management IPv6
The switch 22 is preferentially sorted by the terminal information 38 having the highest value (1104).

When not in the privileged mode (IPv4 terminal information 35 and
IPv6 terminal information 36 is used) when the count value 902 “K_count” counted in FIG. 10 exceeds the limit value 903 “P_limit” (1105), the IPv4 terminal information 35 and the IPv6 terminal information previously acquired
The one with the highest value of 36 is preferentially distributed by the switch 22 (1106).

12, FIG. 13, and FIG. 14 show packet filtering (for example, packet discarding) when an IPv4 terminal sends a packet to an IPv6 terminal or when an IPv6 terminal sends a packet to an IPv4 terminal. To do. By filtering packets in this way, it is possible to improve the safety of the internal system by limiting access from the outside. An example of this is shown below.

When a packet is transmitted from the IPv4 terminal to the IPv6 terminal, this is realized by setting a mark (hereinafter, flag) in the IPv4 terminal information 35 (for example, 1), and the packet is transmitted from the IPv6 terminal to the IPv4 terminal. In that case, it is realized by setting a flag in the IPv6 terminal information 36. When using the IPv4 terminal information field 35 and the IPv6 terminal information field 36 which are given in advance, for example, the communication carrier or the like sets a flag before the service starts depending on the service form of the terminal user. , It is possible to perform a service that discards only certain packets when using the service.

In addition to this, when the network administrator does not discard illegal packets, the management IPv4 terminal information
37 and management IPv6 terminal information 38 are used. IPv4 terminal to IP
IPv4 terminal information for management when sending packets to v6 terminals
This is realized by setting a flag in 37, and when transmitting a packet from an IPv6 terminal to an IPv4 terminal, it is realized by setting a flag in management IPv6 terminal information 38.

FIG. 12 shows the permission list table 2641 of the IPv4 terminal X 3 and the permission list table 264 of the management IPv4 terminal X 3.
2, IPv6 terminal A 1 allow list table 2643, management IP
The permission list table 2644 of the v6 terminal A 1 is shown.

This permit list table has port number 12
It consists of 01. The port number 1201 represents a number used for identifying an application or service in TCP / IP communication, and is included in the header of the packet. The permission list table is also stored in the connection data storage unit 265.
, And the port number 1201 can be freely set / changed from the integrated management system 28. This port number 12
By identifying 01, not only all packets can be dropped, but also packets can be partially dropped as per application.

These permission list tables exist for each terminal, and there are a permission list table and a management permission list table. The former (IPv4 terminal permission list table
2641 and the IPv6 terminal permission list table 2643) include the IPv4 terminal information field 35 and the IPv6 terminal information field described above.
Used when 36 is flagged, the latter (IPv4 for management
The terminal permission list table 2642 and the management IPv6 terminal permission list table 2644) are used when there are flags in the management IPv4 terminal information field 37 and the management IPv6 terminal information field 38. Also, the permission list table is
It is associated when the address management table 263 of the corresponding terminal is created. For example, in the case of IPv4 terminal X3, IPv4 terminal X3 permission list table 2641 and management I
Allow list table 2642 for Pv4 terminal X3 is IPv4 terminal X3
The address management table 2631 is associated each time it is created.

FIG. 13 shows a flowchart for discarding the IPv4 packet (source address 10.0.0.1, destination address 192.1680.0.1) received by the communication device 5 when the IPv4 terminal X 3 transmits to the IPv6 terminal A 1. . This flow chart is
Executed when sending 7 IPv4 packets. As a precondition, it is assumed that when the address management table 2631 of the IPv4 terminal X 3 is created, the permit list table 2641 of the IPv4 terminal X 3 and the permit list table 2642 of the IPv4 terminal X 3 for management are associated with each other.

First, it is searched whether the flag "1" is set in the management IPv4 terminal information field 37 in the address management table 2631 of the IPv4 terminal X 3 (1301). When the flag is "1" (1302), the port number 1201 of the permit list table 2642 of the management IPv4 terminal X3 and the port number in the IPv4 packet are sequentially compared to see if they are the same (1303). If the flag “1” does not exist, it is searched whether the flag is set in the IPv4 terminal information field 35 (1304). If the result of comparison in the processing 1303 is the same, processing 1304 is performed. If the result of processing 1303 is not the same, the packet is discarded (130
7), the IPv4 terminal X 3 that is the sender for discarding the packet
Returns an ICMP error to notify (1308). Further, even when there is no value of the port number 1201 of the permission list table 2642 of the IPv4 terminal X 3 for management, it is processed as a case where the result of the processing 1303 is not the same.

If there is a flag “1” in processing 1304 (130
5) The port number 1201 of the allow list table 2641 of the IPv4 terminal X 3 and the port number in the IPv4 packet are compared to see if they are the same (1306). If the comparison results are the same, the packet is allowed to pass, and if they are not the same, the packet is discarded (1307) and an ICMP error is returned (1308). Further, even when the value of the port number 1201 of the allow list table 2641 of the IPv4 terminal X 3 does not exist, the result of the processing 1306 is not the same. If the flag “1” is not present in processing 1305, the passage of the packet is permitted.

In FIG. 14, the IPv6 packet (source address 10 :: 1, destination address 20 :: 10.0.0.1) received by the communication device 5 when the IPv6 terminal A 1 transmits to the IPv4 terminal X 3 is discarded. The flowchart to do is shown. This flowchart is shown in Figure 8.
It is executed when sending IPv6 packet. As in FIG. 13, as a prerequisite, the address management table 263 of the IPv4 terminal X 3 is used.
When 1 was created, IPv4 terminal X 3 allowed list table
2641 with 3 allowed IPv4 terminals for management Allowed table table 2642
Are associated with.

First, it is searched whether the flag “1” is set in the management IPv6 terminal information field 37 in the address management table 2631 of the IPv4 terminal X 3 (1401). When the flag is "1" (1402), the port number 1201 of the permit list table 2644 of the IPv6 terminal A 1 for management is sequentially compared with the port number in the IPv6 packet (1403). If the flag "1" does not exist, it is searched whether the flag is set in the IPv6 terminal information field 36 (1404). If the result of comparison in process 1403 is the same, process 1404 is performed. If the result of processing 1403 is not the same, discard the packet (140
7), IPv6 terminal A 1 that is the sender of discarding the packet
Returns an ICMPv6 error to notify (1408). Also,
Even when the value of the port number 1201 of the allow list table 2644 of the IPv6 terminal A 1 for management does not exist, it is processed as the case where the result of the processing 1403 is not the same.

When the flag 1 is found in the processing 1404 (140
5) The port number 1201 of the allow list table 2643 of the IPv6 terminal A 1 and the port number in the IPv6 packet are compared to see if they are the same (1406). If the comparison result is the same, the packet is allowed to pass. If the comparison result is not the same, the packet is discarded (1407) and an ICMP error is returned (1408). Also, when the value of the port number 1201 of the allow list table 2643 of the IPv6 terminal A 1 does not exist, the processing result of the processing 1406 is not the same. If the flag “1” does not exist in processing 1405, the packet passage is permitted.

In FIG. 15 and FIG. 16, the source IPv4 terminal X 3 is
An example of counting how many packets have been transmitted to which terminal in the Pv6 network 7 will be shown. In this example, IP
When v4 terminal X 3 sends to IPv6 terminal A 1, the sent IP
Store the counted value of the v4 packet in the management IPv4 terminal information 37, and when the IPv6 terminal A 1 transmits to the IPv4 terminal X 3, substitute the counted value of the transmitted IPv6 packet in the management IPv6 terminal information 38. It is realized by doing.

Address management table 2631 of IPv4 terminal X 3
Can count each destination IPv6 terminal, so you can see to which terminal and how many packets were sent. Various services can be provided by using this data. By collecting the log of the usage data of the terminal user, for example, the total traffic sent by the IPv4 terminal X 3 can be calculated from the sum of the counted values of the management IPv4 terminal information field 37 in the address management table 2361 of the IPv4 terminal X 3. The total traffic of the entire network can be calculated by calculating the amount or by summing the counted values of the management IPv4 terminal information field 37 of each address management table 236,
Set a unit price for each packet for each destination terminal,
Packet charging can be performed by obtaining the sum.

FIG. 15 shows a flowchart for increasing the count value by 1 when transmitting an IPv4 packet from an IPv4 terminal to an IPv6 terminal. This flowchart is based on IPv4 in Figure 7.
It is executed when a packet is sent.

When the IPv4 terminal X 3 transmits to the IPv6 terminal A 1, the value of the management IPv4 terminal information field 37 is incremented by 1 (1
501).

FIG. 16 shows a flowchart for increasing the count value by 1 when transmitting an IPv6 packet from an IPv6 terminal to an IPv4 terminal. This flowchart is based on IPv6 in Figure 8.
It is executed when a packet is sent.

When the IPv6 terminal A 1 transmits to the IPv4 terminal X 3, the value of the management IPv6 terminal information field 38 is incremented by 1 (1
601). (7) Record Deletion Process A process for deleting the record registered in the address registration work of FIGS. 5 and 6 will be described. Periodically, the address management table 263 is searched for a record in which the timer value 34 exceeds the set value, and a process of deleting the record is performed. Hereinafter, the record deletion process is performed by the address management table control program 241.

FIG. 17 shows an example of a flow chart of the record deleting process. Further, description will be made with reference to FIGS. 3, 5, and 6. It is checked whether the first record of the source address table 262 exists (1701). Hereinafter, the processing related to the address management table is performed by the address management table control program 241. If there is a record,
The record in which the value of the timer field 34 of the corresponding address management table 263 exceeds Y is searched, and the record at that time is held (1702). Here, in FIG.
If connection management is being performed in the address registration work of FIG. 6 (1703), the flowchart of FIG. 18 is executed. FIG. 18 will be described later.

Next, the record held in the processing 1702 is deleted (1704). This deletion is a work of initializing the IPv6 address field 33 and the timer field 34 to NULL. Here, if connection management was performed in process 1703, IPv4 terminal information 35, IPv6 terminal information 36, management IPv4
The terminal information 37 and the management IPv6 terminal information 38 are also initialized to NULL. When all the timer records 34 of the address management table 263 are NULL (1705), that is, when all the records are deleted, the address management table 263 itself and the corresponding record of the source address table 262 are also deleted ( 1706). If there is the next record in the source address table 262, the processing is repeated from the processing 1702 (1707).
When the deletion process is completed for all the records in the source address table 262, the process ends.

FIG. 18 shows a flowchart for reducing the count value 902 by 1 when the record deletion process of FIG. 17 is performed. This flowchart is executed when the record deletion processing of FIG. 17 is performed while the connection management is performed in FIGS. 5 and 6. Address count table that has the same IPv6 address as the IPv6 address stored in process 1702
Decrement the count value 902 of the record in 2641 by 1 (1801).
When the count value 902 becomes 0 when it is decreased by 1 (1802), the record that has become 0 is deleted (180
3). If the count value 902 has not become 0, the processing returns to the record deletion processing of FIG. Next, when all the records in the address count table 2641 are gone (1804), the address count table 2641 is deleted (1805). If the records in the address count table 2641 are not exhausted, the process returns to the record deletion process of FIG.

[0089]

According to the present invention, a service provider that provides an Internet connection using IPv6 can access a subscribing IPv6 terminal from an IPv4 network such as the Internet with a global IPv4 address that is sufficiently smaller than the number of subscribing terminals. It is possible to provide.

Further, according to the present invention, by providing the service for guaranteeing the communication quality by using the communication device, it is not necessary to give each node a function for identifying the priority information in the packet. The communication device can centrally manage each terminal, and can handle a wide variety of data transmitted and received through the communication device.

[Brief description of drawings]

FIG. 1 shows a conceptual diagram of a network using a communication device according to the present invention.

FIG. 2 shows a block diagram of a communication device according to the present invention.

FIG. 3 shows an example of a conversion table in the communication device according to the present invention.

FIG. 4 shows an example of an operation for registering an address using the communication device according to the present invention.

FIG. 5 shows an example of a flowchart of a work for newly registering an address using the communication device according to the present invention.

FIG. 6 shows an example of a flowchart in the case where a source address exists in the work of registering an address using the communication device according to the present invention.

FIG. 7 shows an example of a flowchart of packet conversion processing (from an IPv4 terminal to an IPv6 terminal).

FIG. 8 shows an example of a flowchart of packet conversion processing (from an IPv6 terminal to an IPv4 terminal).

FIG. 9 shows an example of a table that stores the values counted in order to restrict access to a certain fixed site.

FIG. 10 shows an example of a flowchart for counting (increase) to limit access to a certain site.

FIG. 11 shows an example of a flowchart for performing connection management using the values counted in FIG.

FIG. 12 shows an example of a table showing port numbers of packets permitted when filtering is performed.

FIG. 13 shows an example of a flowchart when filtering packets transmitted from an IPv4 terminal to an IPv6 terminal.

FIG. 14 shows an example of a flowchart when filtering packets transmitted from an IPv6 terminal to an IPv4 terminal.

FIG. 15 shows an example flowchart for counting how many terminals in an IPv4 network have sent packets to some terminals in an IPv6 network.

FIG. 16 shows an example flowchart for counting how many terminals in an IPv6 network have sent packets to some terminals in an IPv4 network.

FIG. 17 shows an example of a flowchart of record deletion processing.

FIG. 18 shows an example of a flowchart for counting (decreasing) to limit access to a certain site.

[Explanation of symbols]

1, 2 ... IPv6 terminal, 3, 4 ... IPv4 terminal, 5 ... communication device,
6 ... IPv4 network, 7 ... IPv6 network, 21 ...
IPv6 network connection interface, 22 ... switch,
23 ... IPv4 network connection interface, 24 ... Program storage unit, 25 ... Control unit (processor), 26 ...
Storage unit, 27 ... Maintenance interface, 28 ... Integrated management system.

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Koji Hirayama             216 Totsuka Town, Totsuka Ward, Yokohama City, Kanagawa Prefecture             Ceremony Hitachi Network Platform             Home Business Division (72) Inventor Hiroaki Takashima             216 Totsuka Town, Totsuka Ward, Yokohama City, Kanagawa Prefecture             Ceremony Hitachi Network Platform             Home Business Division F-term (reference) 5K030 GA08 HA08 HD03 HD09                 5K033 AA09 CB09 DA05 DB18 EC03

Claims (4)

[Claims] 1. A communication device connected to a plurality of first terminals and a second terminal, wherein a first means for storing a translated address for each of the plurality of first terminals, and a destination second from a transmission source first terminal. A second means for receiving the address resolution request of the terminal based on the name resolution request of the destination second terminal; and a second means for acquiring the address of the destination second terminal based on the acquired address of the destination second terminal. A communication device comprising: a third means for retrieving a translated address from one means; and a fourth means for notifying the retrieved translated address to the transmission source first terminal. 2. When the source first terminal receives the notification of the translated address from the communication device, the source first terminal sends a packet including the translated address to the communication device, and the communication device receives the packet. Based on the translated address contained in the packet, the address of the destination second terminal is retrieved from the first storage means, and a packet containing the retrieved address of the destination second terminal is transmitted to the destination second terminal. The communication device according to claim 1, wherein: 3. The first terminal is an IPv4 (Internet Protocol).
version 4) A communication device according to claim 1, which is a terminal. 4. The second terminal is an IPv6 (Internet Protocol).
version 6) A communication device according to claim 1, which is a terminal.